In this first content module, we set the stage by defining what we mean by the “cyber domain” and primarily focus on who non-state actors are in this context. We will look at how non-state actors in cyberspace evolved into significant players in global security. We will compare their capabilities with those of states and we will review how states sometimes use non-state actors as proxies to achieve their own goals. We will also look at the most common targets of these malicious actors. Understanding these dynamics is essential for anyone navigating an increasingly digital world. The influence and cyber operations of non-state cyber actors have far-reaching consequences that impact individuals, businesses, and governments alike. Gaining insight into these threats empowers us all to think more critically about digital security, privacy, and the policies that shape our online environment.

While the previous module introduced actors and targets in the cyber domain, this lesson shifts focus to the technical side of their operations. Here, we explore the “how”—the core tools and strategies non-state actors use to conduct cyberattacks. Gaining this technical baseline is essential for understanding the tools within their arsenal. These tools enable a wide range of malicious activities. These tactics—including malware deployment, phishing schemes, manipulation through social engineering, denial-of-service (DoS) attacks, identity fabrication, and content amplification techniques —are central to the operational playbook of cybercriminals, hacktivists, terrorists, and others. Understanding how these tools work is critical to recognizing, defending against, and responding to modern cyber threats.

Having examined the common techniques non-state actors use it’s important to understand the broader context in which these tools are deployed. In this module, we categorize the major types of cyber threats originating from non-state actors. By organizing their activities into categories such as cybercrime, cyberterrorism, cyber espionage, information operations and by analyzing common attack techniques, we can better understand the motives and impacts of each type of threat. This framework is important because it helps us make sense of a complex and evolving threat landscape, identify patterns, and develop more effective responses. These threats are no longer limited to governments or large corporations; they increasingly affect everyday people. By understanding how non-state actors operate, individuals can better recognize potential risks, safeguard their personal information, and play a role in strengthening overall digital security. We will examine examples and characteristics of each category, highlighting how these threats affect our economy, national security, and daily life.

Having examined the types of threats non-state cyber actors pose—such as cybercrime, cyberterrorism, cyber espionage, and information operations—along with the techniques they commonly use, we now turn to explore why these actors deploy such tools and what outcomes they seek to achieve. While categorizing threats helps us understand different types of malicious cyber activity, in practice these categories often overlap. The objectives and impacts—financial gain, political destabilization, ideological influence, or disruption of critical infrastructure—can appear similar across threat types. For example, both a cybercriminal and a cyberterrorist might target the same hospital system with ransomware, but for very different reasons. Further, a single operation can also serve multiple purposes, such as combining financial gain with propaganda or using a disruptive attack to both intimidate and erode trust in institutions. Recognizing these overlapping and layered objectives is essential for understanding the complexity of non-state cyber threats. These overlaps are one reason the modules are structured as they are: by first examining techniques and threat types, and then analyzing broader strategic goals and impacts, we gain a clearer view of an evolving and interconnected threat landscape. In this module, we focus on how non-state cyber actors align their tools and techniques with strategic objectives. Through real-world examples, we’ll examine how various actors pursue influence, disruption, or advantage across sectors—shedding light on how cyber operations function as instruments of larger agendas.

Non-state actors are now central players in global cyber conflict. While state-sponsored cyber operations often dominate headlines, the more diverse, agile, and loosely governed activities of non-state groups present equally urgent and growing risks. These actors range from criminal syndicates and ideological extremists to hacktivist collectives and private intelligence brokers. What unites them is their ability to exploit cyberspace to cause harm—often without crossing physical borders or fitting neatly into traditional categories of warfare or crime. In this module, we examine the broader global response to the challenge of non-state actors, beginning with the why: What makes non-state cyber actors such a serious threat? What consequences have already emerged from their activities, and why is the international community struggling to manage them effectively? We then turn to the how: What frameworks, tools, and legal concepts are available to governments and international organizations to deter, investigate, and respond to non-state cyber operations? What legal gaps remain? And how are new norms and responses evolving to meet the complexity of a threat that outpaces traditional policymaking?

In this concluding module, we take stock of the current landscape and consider what can be done to address it. Cyber threats by non-state actors are not static, they evolve with technology and geopolitics. We will examine ongoing trends, such as the increasing sophistication of these actors, as well as advancements in intelligence and proactive defenses that could help counter threats. We’ll stress the ongoing importance of public awareness and strong cyber hygiene as a frontline defense. Finally, we’ll consider the legal and international initiatives already underway, as well as those still needed, to strengthen cyberspace governance and reduce risks from non-state actors.